PutLoggingConfiguration

You can access information about all traffic that AWS WAF inspects using the following
steps:

Create an Amazon Kinesis Data Firehose .

Associate that firehose to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF will create a service linked role with the necessary permissions
to write logs to the Amazon Kinesis Data Firehose. For more information, see Logging Web ACL Traffic Information in the AWS WAF Developer Guide.

Errors

For information about the errors that are common to all actions, see Common Errors.

WAFInternalErrorException

The operation failed because of a system problem, even though the request was valid.
Retry your request.

HTTP Status Code: 500

WAFNonexistentItemException

The operation failed because the referenced object doesn't exist.

HTTP Status Code: 400

WAFServiceLinkedRoleErrorException

AWS WAF is not able to access the service linked role. This can be caused by a previous
PutLoggingConfiguration request, which can lock the service linked role for about 20 seconds. Please try
your request again. The service linked role can also be locked by a previous DeleteServiceLinkedRole request, which can lock the role for 15 minutes or more. If you recently made a DeleteServiceLinkedRole, wait at least 15 minutes and try the request again. If you receive this same exception
again, you will have to wait additional time until the role is unlocked.

HTTP Status Code: 400

WAFStaleDataException

The operation failed because you tried to create, update, or delete an object by using
a change token that has already been used.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs,
see the following: